LDAP (Lightweight Directory Access Protocol) is a protocol that applications can use to retrieve data about users and groups from an LDAP server.
You must have a Skylight "Admin" role in order to configure LDAP.
To connect Skylight to an LDAP directory:

1. Navigate to Domain Settings and select the Authentication tab.
2. Ensure SAML authentication is configured prior to configuring LDAP.
3. Click to enable LDAP federation.
4. Input the Server Configuration:
   - (Optional) Vendor - Any nickname to describe the vendor of the LDAP server.
   - Server hostname - The hostname or IP address of the LDAP server.
   - (Optional) Server port - The port of the LDAP server.
5. (Optional) If connecting to the LDAP server over a secure connection, input the Security Configuration:
   - Security method - The security method for connecting to the LDAP server.
   - Certificate hostname - The hostname to verify the certificate against.
   - Skip certificate hostname verification - Flag to connect without verifying the certificate's host against certHostname.
   - rootCAsPem - PEM-encoded string that defines the root CA(s) that clients use when verifying the server certificate.
6. Input the Administration Account information:
   - Bind DN - The username used to connect to the LDAP server.
   - Bind credential - The password used to connect to the LDAP server.
7. Input the User Directory Configuration:
   - Base DN - The base DN for your directory (e.g. cn=users,dc=ad,dc=example,dc=com).
   - UUID attribute - The LDAP attribute you use to uniquely identify your users (e.g. sAMAccountName).
   - Automatic sync interval (in hours) - The interval at which Skylight should synchronize the user and group data with the LDAP server.
8. (Optional) Select User Attributes next to User Directory Configuration to map LDAP user attributes to Skylight user attributes.
9. Configure the Query / Filter Configuration to input filter queries for mapping LDAP users to Skylight groups and/or roles.
10. Click SAVE in the bottom-right of the window to commit your changes.
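Before saving, it is worth checking the values from steps 4 to 7 against each other: a disabled hostname check, an empty rootCAsPem, a mismatched port, or a bind DN that is not a DN at all will each either weaken the connection or make the sync fail. The pre-flight check below is an added example and not part of Skylight or its documentation; the field names, the security-method values (`none`, `starttls`, `ldaps`) and the sample configs are assumptions made for the example.

```python
import re

# Field names and security-method values are assumptions for this example, not Skylight's own keys.
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")
DEFAULT_PORTS = {"none": 389, "starttls": 389, "ldaps": 636}

def parse_dn(dn):  # split a DN into (attr, value) RDNs; an escaped comma "\," stays in the value
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def check_config(cfg):  # returns a list of findings; an empty list means the config passes
    findings = []
    method = cfg.get("security_method", "none").lower()
    port = cfg.get("server_port") or DEFAULT_PORTS.get(method, 389)
    if method == "none":
        findings.append("bind credential and directory data travel in cleartext; use ldaps or starttls")
    else:
        if cfg.get("skip_cert_hostname_verification"):
            findings.append("hostname verification disabled: any certificate from the CA is accepted")
        elif not cfg.get("cert_hostname"):
            findings.append("certificate hostname empty: nothing to check the server certificate against")
        if not PEM_CERT.search(cfg.get("root_cas_pem", "")):
            findings.append("rootCAsPem has no PEM certificate block; server certificate cannot validate")
        if method == "ldaps" and port == 389:
            findings.append("ldaps selected on port 389; the LDAPS default is 636")
    for field in ("bind_dn", "base_dn"):
        try:
            parse_dn(cfg.get(field, ""))
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    if not cfg.get("uuid_attribute"):
        findings.append("UUID attribute missing; users cannot be identified uniquely")
    return findings

# Constructed sample configs (placeholder hostnames, DNs and PEM body; not real values).
WEAK = {"server_hostname": "ldap.example.internal", "security_method": "ldaps", "server_port": 389,
        "skip_cert_hostname_verification": True, "root_cas_pem": "", "bind_dn": "svc-skylight",
        "base_dn": "cn=users,dc=ad,dc=example,dc=com", "uuid_attribute": "sAMAccountName"}
HARDENED = dict(WEAK, server_port=636, skip_cert_hostname_verification=False,
                cert_hostname="ldap.example.internal", bind_dn="cn=svc-skylight,cn=users,dc=ad,dc=example,dc=com",
                root_cas_pem="-----BEGIN CERTIFICATE-----\nMIIBplaceholderBodyOnly\n-----END CERTIFICATE-----")
if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_config(cfg) or ["ok"])
```

The weak config produces four findings (hostname check skipped, no CA, wrong port, bind DN without an RDN); the hardened one produces none.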
To manually trigger a sync of the users and groups from the LDAP server into Skylight outside of the configured sync interval:

1. Press the button under User Directory Configuration.